
DOS/Rovnix.W infection


  • This topic is locked
6 replies to this topic

#1 reaper61

  • Members

Posted 07 April 2014 - 09:02 PM

MSE is reporting that my machine is infected by DOS/Rovnix.W Trojan.

 

MSE cannot remove the virus.

 

I ran DDS.exe as requested, but it only produces Attach.txt and not DDS.txt. I ran it several times with the same result.


 


#2 TB-Psychotic

  • Malware Response Team

Posted 08 April 2014 - 09:52 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

  • Download TDSSKiller.zip and extract it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 reaper61

  • Topic Starter

  • Members

Posted 10 April 2014 - 09:13 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Bryan (administrator) on HAL on 10-04-2014 20:44:34
Running from C:\Users\Bryan\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Intuit) c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Koninklijke Philips Electronics N.V.) C:\Users\Bryan\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Amazon Digital Services, LLC.) C:\Users\Bryan\AppData\Local\Apps\2.0\VHNMTM9V.3L2\GNB0MZJD.VHT\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\AmazonCloudDrive.exe
(Sun Microsystems, Inc.) C:\Users\Bryan\AppData\Local\Apps\2.0\VHNMTM9V.3L2\GNB0MZJD.VHT\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\windows\system32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SKDaemon.exe] - C:\Program Files\Lenovo\Productivity Keyboard\SKDaemon.exe [253440 2010-03-02] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1439496 2010-10-19] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe"
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\Run: [RoboForm] - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109336 2012-12-20] (Siber Systems)
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\Run: [ALconnect] - C:\Users\Bryan\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe [715880 2013-06-10] (Koninklijke Philips Electronics N.V.)
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\MountPoints2: {4a33aebf-a282-11e2-98e5-b984cdfde859} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1178965750-4173072479-2815618880-1000\...\MountPoints2: {c06eceb3-63d2-11e3-a3be-a0796f1eecfb} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Bryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
GroupPolicyUsers\S-1-5-21-1178965750-4173072479-2815618880-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1178965750-4173072479-2815618880-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1178965750-4173072479-2815618880-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE072FE967DDBCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKLM - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll No File
URLSearchHook: HKCU - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll No File
SearchScopes: HKLM - DefaultScope {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M02977868-86D4-4B97-896A-C721F061CA1F&SearchSource=58&CUI=&UM=5&UP=SP28AC7929-6E7E-4135-8409-9845E59F8B3B&q={searchTerms}&SSPV=
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M02977868-86D4-4B97-896A-C721F061CA1F&SearchSource=58&CUI=&UM=5&UP=SP28AC7929-6E7E-4135-8409-9845E59F8B3B&q={searchTerms}&SSPV=
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKCU - {FF2F8A58-7519-41B5-BC2A-C63880B68CDC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll No File
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
Toolbar: HKLM - uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll No File
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - uTorrentBar Toolbar - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll No File
Toolbar: HKCU - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 02 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 03 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 04 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 05 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 06 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 17 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Winsock: Catalog9 18 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll [268832] (NVIDIA)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Extension: OneClickDownloader - C:\Users\Bryan\AppData\Roaming\Mozilla\Firefox\profiles\extensions\OneClickDownload@OneClickDownload.com [2012-09-16]
FF Extension: Conduit Engine  - \Extensions\engine@conduit.com [2011-03-05]
FF Extension: uTorrentBar Community Toolbar - \Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011-03-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-22]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012-11-21]

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M02977868-86D4-4B97-896A-C721F061CA1F&SearchSource=55&CUI=&UM=5&UP=SP28AC7929-6E7E-4135-8409-9845E59F8B3B&SSPV=
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: http://www.search.ask.com/web?tpid=BCPA5-V7&o=APN11000&pf=&p2=%5EB3M%5Ezzz000%5EYY%5EUS&gct=&itbv=12.10.2.4291&doi=2014-04-01&apn_uid=137BCE15-D220-4115-A994-4E190BF7AFCD&apn_ptnrs=%5EB3M&apn_dtid=%5Ezzz000%5EYY%5EUS&apn_dbr=cr_33.0.1750.154&psv=&trgb=CR&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Ask Toolbar) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaipdnbfoigfcebmnmjjbdieafanpa [2014-04-01]
CHR Extension: (Google Docs) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-24]
CHR Extension: (Google Drive) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-24]
CHR Extension: (YouTube) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-24]
CHR Extension: (Google Search) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-24]
CHR Extension: (Google Wallet) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-24]
CHR Extension: (Gmail) - C:\Users\Bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-24]
CHR HKLM\...\Chrome\Extension: [aaaaipdnbfoigfcebmnmjjbdieafanpa] - C:\ProgramData\AskPartnerNetwork\Toolbar\BCPA5-V7\CRX\ToolbarCR.crx [2014-02-13]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2014-02-13]
CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader11.crx [2014-02-13]

========================== Services (Whitelisted) =================

R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [1951472 2013-03-01] (Blue Coat Systems, Inc.)
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [315392 2009-06-05] (DeviceVM, Inc.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [387616 2009-07-23] ()
R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [224200 2012-06-12] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [28512 2010-04-03] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43057096 2012-06-12] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [25825120 2011-06-17] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [178720 2009-07-23] ()
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [1182048 2011-06-17] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-12] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
S3 STSService; "C:\Program Files\AllMusicConverter Media Suite\STSService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R2 bckd; C:\Windows\System32\drivers\bckd.sys [107760 2013-03-01] (Blue Coat Systems, Inc.)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1093888 2011-12-12] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2011-02-17] (Windows ® Codename Longhorn DDK provider)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
S4 RsFx0151; C:\Windows\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21472 2011-07-22] (Windows ® Win 7 DDK provider)
S3 VSPerfDrv100; C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [54144 2011-01-18] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [106752 2011-01-13] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [106752 2011-01-13] (ZTE Incorporated)
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-10 20:44 - 2014-04-10 20:45 - 00026785 _____ () C:\Users\Bryan\Desktop\FRST.txt
2014-04-10 20:41 - 2014-04-10 20:44 - 00000000 ____D () C:\FRST
2014-04-10 20:40 - 2014-04-10 20:40 - 01145856 _____ (Farbar) C:\Users\Bryan\Desktop\FRST.exe
2014-04-10 20:37 - 2014-04-10 20:38 - 01145856 _____ (Farbar) C:\Users\Bryan\Downloads\FRST.exe
2014-04-09 21:15 - 2014-02-03 21:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 21:15 - 2014-02-03 21:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 21:15 - 2014-02-03 21:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 21:15 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 21:14 - 2014-03-30 19:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 21:14 - 2014-03-30 18:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 21:14 - 2014-03-04 04:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 21:14 - 2014-01-23 21:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 21:04 - 2014-04-07 20:50 - 00001188 _____ () C:\Users\Bryan\Desktop\attach.txt
2014-04-06 19:33 - 2014-04-06 19:35 - 00688992 ____R (Swearware) C:\Users\Bryan\Desktop\dds.com
2014-04-06 11:01 - 2014-04-06 11:01 - 00000000 ____D () C:\Users\Bryan\Downloads\CMS
2014-04-05 19:48 - 2014-04-05 19:48 - 00160976 _____ () C:\Windows\Minidump\040514-33306-01.dmp
2014-04-03 15:42 - 2014-04-03 15:42 - 01440846 _____ () C:\Users\Bryan\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-01 18:53 - 2014-04-01 18:53 - 00000000 ____D () C:\Program Files\ESET
2014-04-01 18:27 - 2014-04-03 15:40 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 18:27 - 2014-04-01 18:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 18:27 - 2014-04-01 18:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-01 18:27 - 2014-03-05 09:26 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-01 18:27 - 2014-03-05 09:26 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-01 18:27 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 18:26 - 2014-04-01 18:26 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Bryan\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-01 18:15 - 2014-04-01 18:15 - 00982016 _____ (Farbar) C:\Users\Bryan\Downloads\MiniToolBox.exe
2014-04-01 15:52 - 2014-04-01 16:29 - 00000000 ____D () C:\Users\Bryan\Adobe Acrobat XI Pro
2014-04-01 15:50 - 2014-04-01 15:50 - 02469824 _____ () C:\Users\Bryan\Downloads\AdobeDownloadAssistant.exe
2014-04-01 15:50 - 2014-04-01 15:50 - 00000961 _____ () C:\Users\Public\Desktop\Adobe Download Assistant.lnk
2014-04-01 15:50 - 2014-04-01 15:50 - 00000000 ____D () C:\Users\Bryan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-04-01 15:50 - 2014-04-01 15:50 - 00000000 ____D () C:\Program Files\Adobe Download Assistant
2014-04-01 15:43 - 2014-04-02 16:08 - 00000000 ____D () C:\Users\Bryan\AppData\Local\VNT
2014-04-01 15:43 - 2014-04-02 16:08 - 00000000 ____D () C:\Program Files\VNT
2014-04-01 15:43 - 2014-04-01 15:43 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-01 15:43 - 2014-04-01 15:43 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-04-01 15:42 - 2014-04-01 15:42 - 00000000 ____D () C:\ProgramData\APN
2014-03-30 12:40 - 2014-03-30 12:40 - 00000000 ____D () C:\Users\Bryan\Documents\ProcAlyzer Dumps
2014-03-29 23:58 - 2011-01-27 16:00 - 00001211 _____ () C:\Windows\system32\Drivers\etc\hosts.20140329-235803.backup
2014-03-29 23:42 - 2014-03-30 00:33 - 00000661 _____ () C:\Windows\wininit.ini
2014-03-29 08:04 - 2014-03-29 08:04 - 00000000 ____D () C:\Users\Sandy\AppData\Local\SearchProtect
2014-03-29 04:26 - 2014-03-29 04:26 - 00161024 _____ () C:\Windows\Minidump\032914-54881-01.dmp
2014-03-29 00:22 - 2014-03-29 00:22 - 00000000 ____D () C:\Users\Bryan\Documents\PC Health Kit
2014-03-29 00:20 - 2014-03-30 16:10 - 00000000 ____D () C:\Program Files\PC Health Kit
2014-03-29 00:20 - 2014-03-30 13:07 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-29 00:20 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-03-29 00:19 - 2014-03-29 00:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-29 00:19 - 2014-03-29 00:19 - 00000000 ____D () C:\Users\Bryan\AppData\Local\SearchProtect
2014-03-24 20:45 - 2014-03-30 17:44 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-03-24 20:39 - 2014-03-24 20:41 - 10744360 _____ (SparkTrust) C:\Users\Bryan\Downloads\SparkTrust AntiVirus Setup.exe
2014-03-24 20:30 - 2014-03-24 20:30 - 00007625 _____ () C:\Users\Bryan\AppData\Local\Resmon.ResmonCfg
2014-03-24 19:31 - 2014-03-24 19:31 - 00000000 ____D () C:\Users\Bryan\Documents\Resume
2014-03-24 19:25 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-03-24 19:25 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-24 19:25 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-24 19:25 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-24 19:22 - 2014-03-24 19:25 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-21 21:51 - 2014-04-03 15:52 - 00000000 ____D () C:\Users\Bryan\Documents\Vending Company
2014-03-21 11:09 - 2014-03-21 11:09 - 00000000 ____D () C:\2a34ab14e75fc38d97b170
2014-03-21 11:08 - 2014-03-21 11:08 - 25578720 _____ (Microsoft Corporation) C:\Users\Bryan\Downloads\Windows-KB890830-V5.10.exe
2014-03-21 10:56 - 2014-03-21 10:56 - 00000000 ____D () C:\ProgramData\Microsoft Visual Studio
2014-03-15 11:06 - 2014-03-15 11:07 - 00000000 ____D () C:\Program Files\iTunes
2014-03-15 11:06 - 2014-03-15 11:06 - 00000000 ____D () C:\Program Files\iPod
2014-03-13 00:27 - 2014-02-28 23:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 00:27 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 00:27 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 00:27 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 00:27 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 00:27 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 00:27 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 00:27 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 00:27 - 2014-02-28 22:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 00:27 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 00:27 - 2014-02-28 22:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 00:27 - 2014-02-28 22:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 00:27 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 00:27 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 00:27 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 00:27 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 00:27 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 00:27 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 00:27 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 00:27 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 00:27 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 00:26 - 2014-02-06 20:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 00:26 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 00:26 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 00:26 - 2014-01-27 21:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 21:19 - 2014-03-11 21:19 - 00212049 _____ () C:\Users\Sandy\Downloads\Place1.rbxl

==================== One Month Modified Files and Folders =======

2014-04-10 20:45 - 2014-04-10 20:44 - 00026785 _____ () C:\Users\Bryan\Desktop\FRST.txt
2014-04-10 20:44 - 2014-04-10 20:41 - 00000000 ____D () C:\FRST
2014-04-10 20:44 - 2013-07-16 19:15 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 20:42 - 2009-07-13 23:34 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 20:42 - 2009-07-13 23:34 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 20:40 - 2014-04-10 20:40 - 01145856 _____ (Farbar) C:\Users\Bryan\Desktop\FRST.exe
2014-04-10 20:38 - 2014-04-10 20:37 - 01145856 _____ (Farbar) C:\Users\Bryan\Downloads\FRST.exe
2014-04-10 20:29 - 2013-02-18 21:28 - 00000000 ____D () C:\Users\Bryan\AppData\Local\Deployment
2014-04-10 20:10 - 2011-03-05 14:57 - 01214574 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 19:50 - 2012-04-10 21:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 17:37 - 2011-03-05 15:31 - 00000177 ____H () C:\dvmexp.idx
2014-04-10 17:28 - 2013-09-14 16:48 - 00000000 ____D () C:\Program Files\Steam
2014-04-10 17:28 - 2013-07-16 19:15 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 17:26 - 2011-03-05 15:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-10 17:26 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 17:26 - 2009-07-13 23:39 - 00060019 _____ () C:\Windows\setupact.log
2014-04-10 00:07 - 2011-03-05 19:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 00:06 - 2013-07-13 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 00:02 - 2011-03-08 22:49 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 20:50 - 2014-04-06 21:04 - 00001188 _____ () C:\Users\Bryan\Desktop\attach.txt
2014-04-06 20:05 - 2011-03-05 16:39 - 00000000 ____D () C:\Users\Bryan\AppData\Roaming\uTorrent
2014-04-06 19:35 - 2014-04-06 19:33 - 00688992 ____R (Swearware) C:\Users\Bryan\Desktop\dds.com
2014-04-06 14:45 - 2013-11-22 17:46 - 00000000 ____D () C:\Users\Bryan\AppData\Roaming\Skype
2014-04-06 12:51 - 2011-03-13 20:02 - 00000000 ____D () C:\Users\Bryan\AppData\Local\Microsoft Games
2014-04-06 11:01 - 2014-04-06 11:01 - 00000000 ____D () C:\Users\Bryan\Downloads\CMS
2014-04-06 10:57 - 2012-04-04 06:04 - 00000000 ____D () C:\Users\Bryan\Documents\Visual Studio 2010
2014-04-06 10:01 - 2009-07-13 23:53 - 00032604 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-05 19:48 - 2014-04-05 19:48 - 00160976 _____ () C:\Windows\Minidump\040514-33306-01.dmp
2014-04-05 19:48 - 2014-02-28 18:42 - 00000000 ____D () C:\Windows\Minidump
2014-04-05 19:48 - 2014-02-28 18:41 - 352565648 _____ () C:\Windows\MEMORY.DMP
2014-04-05 00:19 - 2011-03-05 15:46 - 00573678 _____ () C:\Windows\PFRO.log
2014-04-03 15:52 - 2014-03-21 21:51 - 00000000 ____D () C:\Users\Bryan\Documents\Vending Company
2014-04-03 15:42 - 2014-04-03 15:42 - 01440846 _____ () C:\Users\Bryan\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-04-03 15:40 - 2014-04-01 18:27 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 15:04 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\security
2014-04-03 15:03 - 2011-03-06 01:20 - 00000000 ____D () C:\Users\Bryan\AppData\Roaming\SoftGrid Client
2014-04-03 14:23 - 2014-02-13 11:25 - 00000000 ____D () C:\Users\Bryan\Documents\Outlook Files
2014-04-03 04:25 - 2011-11-09 19:50 - 00000000 ____D () C:\Users\Sandy\AppData\Local\Akamai
2014-04-02 16:08 - 2014-04-01 15:43 - 00000000 ____D () C:\Users\Bryan\AppData\Local\VNT
2014-04-02 16:08 - 2014-04-01 15:43 - 00000000 ____D () C:\Program Files\VNT
2014-04-02 16:08 - 2012-04-06 16:06 - 00000000 ____D () C:\Program Files\RegServe
2014-04-02 16:08 - 2011-03-05 16:40 - 00000000 ____D () C:\Program Files\uTorrentBar
2014-04-02 16:08 - 2011-03-05 16:40 - 00000000 ____D () C:\Program Files\ConduitEngine
2014-04-01 18:53 - 2014-04-01 18:53 - 00000000 ____D () C:\Program Files\ESET
2014-04-01 18:27 - 2014-04-01 18:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-01 18:27 - 2014-04-01 18:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-01 18:26 - 2014-04-01 18:26 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Bryan\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-01 18:15 - 2014-04-01 18:15 - 00982016 _____ (Farbar) C:\Users\Bryan\Downloads\MiniToolBox.exe
2014-04-01 16:29 - 2014-04-01 15:52 - 00000000 ____D () C:\Users\Bryan\Adobe Acrobat XI Pro
2014-04-01 15:52 - 2011-03-05 13:39 - 00000000 ____D () C:\Users\Bryan
2014-04-01 15:50 - 2014-04-01 15:50 - 02469824 _____ () C:\Users\Bryan\Downloads\AdobeDownloadAssistant.exe
2014-04-01 15:50 - 2014-04-01 15:50 - 00000961 _____ () C:\Users\Public\Desktop\Adobe Download Assistant.lnk
2014-04-01 15:50 - 2014-04-01 15:50 - 00000000 ____D () C:\Users\Bryan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-04-01 15:50 - 2014-04-01 15:50 - 00000000 ____D () C:\Program Files\Adobe Download Assistant
2014-04-01 15:43 - 2014-04-01 15:43 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-01 15:43 - 2014-04-01 15:43 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2014-04-01 15:42 - 2014-04-01 15:42 - 00000000 ____D () C:\ProgramData\APN
2014-03-30 19:13 - 2014-04-09 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 18:57 - 2014-04-09 21:14 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 17:44 - 2014-03-24 20:45 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-03-30 16:48 - 2011-03-05 16:18 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-30 16:48 - 2011-03-05 16:16 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-30 16:10 - 2014-03-29 00:20 - 00000000 ____D () C:\Program Files\PC Health Kit
2014-03-30 14:13 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-30 13:07 - 2014-03-29 00:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-30 12:40 - 2014-03-30 12:40 - 00000000 ____D () C:\Users\Bryan\Documents\ProcAlyzer Dumps
2014-03-30 00:33 - 2014-03-29 23:42 - 00000661 _____ () C:\Windows\wininit.ini
2014-03-29 08:04 - 2014-03-29 08:04 - 00000000 ____D () C:\Users\Sandy\AppData\Local\SearchProtect
2014-03-29 04:26 - 2014-03-29 04:26 - 00161024 _____ () C:\Windows\Minidump\032914-54881-01.dmp
2014-03-29 00:30 - 2014-03-29 00:19 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-29 00:22 - 2014-03-29 00:22 - 00000000 ____D () C:\Users\Bryan\Documents\PC Health Kit
2014-03-29 00:19 - 2014-03-29 00:19 - 00000000 ____D () C:\Users\Bryan\AppData\Local\SearchProtect
2014-03-24 23:48 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-03-24 23:24 - 2014-02-03 14:06 - 00000000 ____D () C:\Users\Bryan\Cloud Drive
2014-03-24 20:41 - 2014-03-24 20:39 - 10744360 _____ (SparkTrust) C:\Users\Bryan\Downloads\SparkTrust AntiVirus Setup.exe
2014-03-24 20:30 - 2014-03-24 20:30 - 00007625 _____ () C:\Users\Bryan\AppData\Local\Resmon.ResmonCfg
2014-03-24 19:34 - 2011-03-10 21:02 - 00115712 ___SH () C:\Users\Bryan\Documents\Thumbs.db
2014-03-24 19:31 - 2014-03-24 19:31 - 00000000 ____D () C:\Users\Bryan\Documents\Resume
2014-03-24 19:26 - 2013-12-12 16:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-24 19:25 - 2014-03-24 19:22 - 00005163 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-03-24 19:25 - 2012-08-25 17:27 - 00000000 ____D () C:\Program Files\Java
2014-03-21 20:34 - 2012-09-25 15:30 - 00000600 _____ () C:\Users\Bryan\AppData\Roaming\winscp.rnd
2014-03-21 11:09 - 2014-03-21 11:09 - 00000000 ____D () C:\2a34ab14e75fc38d97b170
2014-03-21 11:08 - 2014-03-21 11:08 - 25578720 _____ (Microsoft Corporation) C:\Users\Bryan\Downloads\Windows-KB890830-V5.10.exe
2014-03-21 10:56 - 2014-03-21 10:56 - 00000000 ____D () C:\ProgramData\Microsoft Visual Studio
2014-03-21 09:59 - 2011-03-05 15:27 - 01000878 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-21 09:09 - 2013-06-20 17:14 - 00000000 ____D () C:\Program Files\Blue Coat K9 Web Protection
2014-03-20 01:14 - 2013-01-18 23:08 - 00148480 ___SH () C:\Users\Bryan\Downloads\Thumbs.db
2014-03-16 18:39 - 2014-01-20 14:41 - 00001166 _____ () C:\Users\Sandy\Desktop\ROBLOX Studio 2013.lnk
2014-03-16 18:39 - 2013-10-26 15:40 - 00000000 ____D () C:\Users\Sandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-03-15 11:07 - 2014-03-15 11:06 - 00000000 ____D () C:\Program Files\iTunes
2014-03-15 11:06 - 2014-03-15 11:06 - 00000000 ____D () C:\Program Files\iPod
2014-03-15 11:06 - 2011-03-10 20:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-15 10:59 - 2011-03-10 20:46 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-13 03:23 - 2009-07-13 23:33 - 00532848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:22 - 2011-03-06 01:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 07:50 - 2012-04-10 21:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-12 07:50 - 2011-05-12 21:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 21:19 - 2014-03-11 21:19 - 00212049 _____ () C:\Users\Sandy\Downloads\Place1.rbxl
2014-03-11 21:16 - 2013-10-26 15:40 - 00000000 ____D () C:\Users\Sandy\AppData\Local\Roblox
2014-03-11 09:52 - 2010-10-24 22:25 - 00104264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys

Some content of TEMP:
====================
C:\Users\Bryan\AppData\Local\Temp\ose00000.exe
C:\Users\Bryan\AppData\Local\Temp\ose00001.exe
C:\Users\Bryan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Kenny\AppData\Local\Temp\tabfix6CC6.exe
C:\Users\Rebekah\AppData\Local\Temp\tabfixBF5A.exe
C:\Users\Sandy\AppData\Local\Temp\install_flashplayer11x32_mssa_aih.exe
C:\Users\Sandy\AppData\Local\Temp\install_reader11_en_mssa_aaa_aih.exe
C:\Users\Sandy\AppData\Local\Temp\tabfixCAD3.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 00:37

==================== End Of Log ============================



#4 reaper61


Posted 10 April 2014 - 09:21 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Bryan at 2014-04-10 20:49:51
Running from C:\Users\Bryan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
3ivx MPEG-4 5.0.2 (remove only) (HKLM\...\3ivx MPEG-4 5.0.2) (Version: 5.0.2 - 3ivx Technologies, Pty. Ltd.)
ActiveLink Connect (HKCU\...\ActiveLink Connect) (Version: 5.8.0.17220 - Koninklijke Philips Electronics N.V.)
ActiveLink Connect (Version: 5.8.0.17220 - Koninklijke Philips Electronics N.V.) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS5.5 (HKLM\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Adobe Widget Browser (Version: 2.0.230 - Adobe Systems Incorporated.) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{42435041-352D-5637-00A7-A758B70C0A02}) (Version: 12.10.2.4291 - APN, LLC) <==== ATTENTION
ASUSUpdate (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
AutoCAD Electrical 2009 (HKLM\...\AutoCAD Electrical 2009) (Version: 6.0.50.0 - Autodesk)
AutoCAD Electrical 2009 (Version: 6.0.50.0 - Autodesk) Hidden
AutoCAD Electrical 2011 (HKLM\...\AutoCAD Electrical 2011) (Version: 8.0.51.0 - Autodesk)
AutoCAD Electrical 2011 (Version: 8.0.51.0 - Autodesk) Hidden
AutoCAD Electrical 2011 Language Pack - English (Version: 8.0.51.0 - Autodesk) Hidden
Autodesk Design Review 2011 (HKLM\...\Autodesk Design Review 2011) (Version: 11.0.0.86 - Autodesk, Inc.)
Autodesk Design Review 2011 (Version: 11.0.0.86 - Autodesk, Inc.) Hidden
Autodesk Inventor View 2009 (HKLM\...\Autodesk Inventor View 2009) (Version: 13.0.0000.23000 - Autodesk, Inc.)
Autodesk Inventor View 2009 (Version: 13.0.0000.23000 - Autodesk, Inc.) Hidden
Autodesk Inventor View 2011 (Version: 15.0.0000.23900 - Autodesk) Hidden
Autodesk Inventor View 2011 English (HKLM\...\Autodesk Inventor View 2011) (Version: 15.0.0000.23900 - Autodesk)
Autodesk Inventor View 2011 English Language Pack (Version: 15.0.0000.23900 - Autodesk) Hidden
Autodesk Material Library 2011 (HKLM\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
Autodesk Vault 2011 (Client) (HKLM\...\Autodesk Vault 2011 (Client)) (Version: 15.0.58.0 - Autodesk, Inc.)
Autodesk Vault 2011 (Client) (Version: 15.0.58.0 - Autodesk, Inc.) Hidden
Autodesk Vault 2011 (Client) English Language Pack (Version: 15.0.58.0 - Autodesk, Inc.) Hidden
Bing Ads Intelligence (HKCU\...\BD4F486BB9396EFC30A39B83E40F2AE4C01690BF) (Version: 9.0.12133.121 - Microsoft Corporation)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.268 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Conduit Engine (HKLM\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
CuteFTP 8 Professional (HKLM\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.3.4 - GlobalSCAPE)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Dotfuscator Software Services - Community Edition (HKLM\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Dungeonland (HKLM\...\Steam App 218130) (Version:  - Critical Studio)
DWG TrueView 2009 (HKLM\...\DWG TrueView 2009) (Version: 17.2.56.0 - Autodesk)
DWG TrueView 2009 (Version: 17.2.56.0 - Autodesk) Hidden
DWG TrueView 2011 (HKLM\...\DWG TrueView 2011) (Version: 18.1.49.0 - Autodesk)
DWG TrueView 2011 (Version: 18.1.49.0 - Autodesk) Hidden
DwimPerl version 0.07 (HKLM\...\dwimperl_is1) (Version: 0.07 - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Express Gate (HKLM\...\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}) (Version: 1.4.10.4 - DeviceVM, Inc.)
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FileZilla Client 3.0.9.3 (HKLM\...\FileZilla Client) (Version: 3.0.9.3 - )
GDR 2550 for SQL Server 2008 R2 (KB2716440) (HKLM\...\KB2716440) (Version: 10.51.2550.0 - Microsoft Corporation)
GIMP 2.6.4 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 - English (HKLM\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Books Online (HKLM\...\{74F7B314-0507-4F91-9A4E-B6C9B027E410}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{185292F7-7C0A-4F72-B2CC-CBEBD40B050E}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{3259DA79-18B1-45E3-8EBD-3ECEC28E0957}) (Version: 10.51.2550.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Neat ADF Scanner 2008 Driver (HKLM\...\{A4A42670-82B9-4A58-8955-20271DBBF29F}) (Version: 2.0.0.61 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{58155B30-6BE9-4268-A059-149629149C63}) (Version: 2.0.0.56 - The Neat Company)
Neat Mobile Scanner (Silver) Driver (HKLM\...\{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{57F5920A-9897-4830-BD4A-BE85DA9734FF}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}) (Version: 2.0.0.122 - The Neat Company)
NeatWorks (HKLM\...\NeatWorks) (Version: 4.9.5.5 - The Neat Company)
NeatWorks Core Files (Version: 4.9.5.5 - The Neat Company) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7313 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7313 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Pandora (HKLM\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.72 - ASUSTek)
PreReq (Version: 6.2.3.0 - Eastman Kodak Company) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks (Version: 20.0.4015.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4015.807 - Intuit Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RegServe (HKLM\...\RegServe) (Version: 7.1.3.7 - Xionix Inc.)
RoboForm 7-8-5-7 (All Users) (HKLM\...\AI RoboForm) (Version: 7-8-5-7 - Siber Systems)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.9.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{D25CE1C4-B19D-4615-A24F-4FEA3E9B10B4}) (Version: 4.1.1282.0 - SmartSoft Ltd.)
SmartFTP Client 4.1 Setup Files (remove only) (HKLM\...\SmartFTP Client 4.1 Setup Files) (Version: 4.1 - SmartSoft Ltd)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Integration Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Reporting Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
USB Enhanced Performance Keyboard Software (HKLM\...\{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.1.7 - Lenovo)
uTorrentBar Toolbar (HKLM\...\uTorrentBar Toolbar) (Version: 6.2.7.3 - uTorrentBar) <==== ATTENTION
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Flash (HKLM\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinSCP 5.1 (HKLM\...\winscp3_is1) (Version: 5.1 - Martin Prikryl)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2012-11-23 16:59 - 2014-03-29 23:58 - 00451098 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {04C5D850-79DC-41B4-8654-3549455FF514} - \Security Center Update - 3071984785 No Task File
Task: {0C81A2B0-7EB4-45B4-92EA-3C19564EDEDF} - \Security Center Update - 395806323 No Task File
Task: {30646320-4334-46F1-A15A-63C61925D8E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {328E9110-2E14-4164-A20A-494757FD6201} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-16] (Google Inc.)
Task: {3596010A-04C5-4CE3-BD00-9B4AC59F09B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-16] (Google Inc.)
Task: {3F4399A1-7F09-4EFA-853A-AD143F6647AD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {468BA719-94CE-47CD-8E89-CE30310B060B} - \Security Center Update - 3919505645 No Task File
Task: {4ECCC5BD-61D3-4700-8A08-9D594A67DC2A} - \Security Center Update - 1364074682 No Task File
Task: {50F1BBD6-B470-4C91-88BB-57D5E12A6F5B} - \Security Center Update - 2810636777 No Task File
Task: {613FAFDA-78A4-4F6B-85AD-0010180C1519} - System32\Tasks\{35BF31EE-26C8-4D55-AD2C-E33C41090DEB} => C:\Users\Bryan\Desktop\xf-a2011-32bits.exe
Task: {6B9F305F-80BD-4F95-9B42-1288C0B8B832} - System32\Tasks\4689 => Wscript.exe C:\Users\Bryan\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6CCCA513-92A1-4AF9-BDE1-997314EF1727} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {767C4AA4-CC4A-484C-8B59-282D9683B52D} - \Security Center Update - 4017666001 No Task File
Task: {8724857B-62A3-4B32-95BA-D6822C5277DF} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMOMOJLJOMJMKJHMMJCNKJIMHMLJCNLMJJLMIMCNGMLMLJLJCNIMIMKMJJNMJJLMLJJMJJPMGMJNJICMIMCNHMCNKMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMNMGMJNHICMMJBJKJLIMJJNBJCMNLNIGIOJBJPNHLAJAJPIKJNIJNKJCMNJHJAJAJPIKJNIPLMJHJOJFIOJOIBNBJKJLIJNNICMNIAJNJAJJJAJNICJBNMJAJCJJNDJCMKJBJ"
Task: {924EE41D-0515-4921-A482-8A9A1178DD8F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {97588B31-5357-4277-AFE9-05DF862E533D} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()
Task: {AFF88B70-8958-4281-A208-C6811F612AFA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {BBC768A5-3E37-4070-85F6-AB1C448B532F} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {D57B26B9-1750-4EE8-8264-8E4E7ED1CB83} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2012-12-20] (Siber Systems)
Task: {E4583318-C1A7-485F-885C-FC9753FC1ED2} - \Security Center Update - 3338179885 No Task File
Task: {EE1CEA79-98B4-42C2-A599-22FD3A2AF148} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-23 18:23 - 2009-07-23 18:23 - 00387616 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-07-23 18:23 - 2009-07-23 18:23 - 00068128 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-07-23 18:23 - 2009-07-23 18:23 - 00436768 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-03-29 00:19 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-29 00:19 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-29 00:19 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-29 00:19 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-29 00:19 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-06-17 13:36 - 2011-12-14 17:53 - 00303360 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
2012-06-17 13:36 - 2011-12-14 10:22 - 00368640 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
2009-07-23 18:23 - 2009-07-23 18:23 - 00178720 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2012-11-19 04:02 - 2013-10-23 02:19 - 00092448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2008-05-06 03:45 - 2008-05-06 03:45 - 00094720 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-01-15 13:10 - 2013-12-12 17:19 - 00142848 _____ () C:\Program Files\Steam\libavresample-1.dll
2014-01-15 13:10 - 2013-11-04 20:12 - 00890592 _____ () C:\Program Files\Steam\libavutil-52.dll
2013-08-21 14:18 - 2014-02-10 21:34 - 00751616 _____ () C:\Program Files\Steam\SDL2.dll
2013-09-06 12:55 - 2014-02-25 16:57 - 01135296 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2013-08-07 11:31 - 2014-01-10 18:33 - 20625832 _____ () C:\Program Files\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files\Steam\bin\avformat-53.dll
2012-06-17 13:36 - 2011-12-14 17:55 - 08453376 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2012-06-17 13:36 - 2011-12-14 10:43 - 00278528 _____ () C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-02-03 14:06 - 2014-04-10 17:30 - 00046080 _____ () C:\Users\Bryan\AppData\Local\Apps\2.0\VHNMTM9V.3L2\GNB0MZJD.VHT\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
2014-03-30 14:15 - 2014-03-30 14:15 - 00541696 _____ () C:\Users\Bryan\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: qjhsoijv => "C:\Users\Bryan\AppData\Local\ejpsdjud.exe"
MSCONFIG\startupreg: RSListener => C:\Program Files\RegServe\RSListener.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Bryan\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter #3
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2014 05:40:16 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042306).

Error: (04/10/2014 05:40:11 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 000000F4,0x0053c06c,00921C60,0,0018E210,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:39:50 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 000000EC,0x0053c06c,00921C60,0,0018E210,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:39:31 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 0000014C,0x0053c06c,0018E210,0,00187FE8,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:39:15 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000144,0x0053c06c,0018D210,0,00187FE8,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:39:02 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 0000014C,0x0053c06c,0018B210,0,00187FE8,4096,[0]).  hr = 0x8007045d, The request could not be performed because of an I/O device error.
.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:29:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/10/2014 05:27:06 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (04/10/2014 05:24:35 PM) (Source: Report Server Windows Service (MSSQLSERVER)) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Error: (04/10/2014 00:02:15 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80042306).

System errors:
=============
Error: (04/10/2014 08:57:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (04/10/2014 08:43:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (04/10/2014 08:31:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

Error: (04/10/2014 05:40:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/10/2014 05:40:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/10/2014 05:40:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/10/2014 05:40:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/10/2014 05:40:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/10/2014 05:40:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (04/10/2014 05:40:11 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Microsoft Office Sessions:
=========================
Error: (04/10/2014 05:40:16 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042306

Error: (04/10/2014 05:40:11 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 000000F4,0x0053c06c,00921C60,0,0018E210,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:39:50 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 000000EC,0x0053c06c,00921C60,0,0018E210,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:39:31 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 0000014C,0x0053c06c,0018E210,0,00187FE8,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:39:15 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 00000144,0x0053c06c,0018D210,0,00187FE8,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:39:02 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{62cc4462-4762-11e0-a4e6-806e6f6e6963} - 0000014C,0x0053c06c,0018B210,0,00187FE8,4096,[0])0x8007045d, The request could not be performed because of an I/O device error.

Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Execution Context: System Provider

Error: (04/10/2014 05:29:39 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/10/2014 05:27:06 PM) (Source: Report Server Windows Service (MSSQLSERVER))(User: )
Description: Report Server Windows Service (MSSQLSERVER)

Error: (04/10/2014 05:24:35 PM) (Source: Report Server Windows Service (MSSQLSERVER))(User: )
Description: Report Server Windows Service (MSSQLSERVER)

Error: (04/10/2014 00:02:15 AM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80042306

==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 3327.18 MB
Available physical RAM: 1219.96 MB
Total Pagefile: 7034.35 MB
Available Pagefile: 2918.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:284.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 19EF19EE)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 reaper61

reaper61
  • Topic Starter

  • Members
  • 15 posts

Posted 10 April 2014 - 09:39 PM

TDSSKiller log attached




#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 11 April 2014 - 08:42 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting crack sites, warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules, which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 May 2014 - 04:17 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



